CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalogue and mandates patching by 4 July 2026 for US federal agencies, signalling active or imminent exploitation.
An unidentified threat actor is actively exploiting CVE-2026-0257 to bypass authentication on PAN-OS GlobalProtect gateways and establish unauthorized VPN connections.
Iranian state-affiliated APT Nimbus Manticore demonstrates newly adopted techniques including SEO poisoning and enhanced capabilities during active geopolitical conflict, targeting European entities.
Check Point documents a 124% surge in hacktivism and ransomware across Germany, Austria, and Switzerland in 2025,a strategically significant shift in the DACH threat landscape for manufacturing organizations.
A use-after-free vulnerability in Google's Views component enables heap corruption via crafted HTML pages when users perform specific UI gestures; critical CVSS score requires immediate update to version 150.0.7871.47 or later.
Critical heap-corruption vulnerability in Chrome requires user interaction (specific UI gestures) for exploitation and is therefore not remotely exploitable without user engagement.
This is the RAR5 sibling of CVE-2023-40477 (fixed only in the RAR3 path through version 6.23); the new vulnerability affects recovery files and requires only that the user perform a test/repair operation on the crafted .rev files.
Local privilege escalation in Windows Secure Kernel requires already-elevated code execution rights; relevant for systems with compromised privileged user or process accounts.
The vulnerability enables arbitrary code execution through malicious Chrome extensions and requires user interaction to install the malicious extension.
A use-after-free vulnerability in GPU processing allows an attacker with renderer access to achieve full sandbox escape,critical for browser security in production environments.
The vulnerability enables an attacker with renderer-process access to escape the Chrome sandbox and execute arbitrary code,a critical escalation across browser security boundaries.
Critical RCE vulnerability in Chrome Chromoting component requires immediate patching; the flaw is triggered via malicious network packets and affects remote desktop usage.
The vulnerability requires an already-compromised renderer process and thus represents the second stage of a multi-stage attack chain rather than a direct remote code execution vector.
A sandbox-escape vulnerability in Chromium allows an attacker with renderer-process access to break browser isolation and execute arbitrary code on the host system,a critical risk for endpoints running Chrome or Chromium-based browsers.
A critical use-after-free vulnerability in the Chrome renderer enables sandbox escape under certain conditions, potentially leading to complete system compromise.
A critical use-after-free vulnerability in the Ozone rendering engine enables remote code execution via crafted HTML pages without requiring user interaction.
A critical use-after-free vulnerability in Chrome's Chromoting component enables remote code execution via malicious network traffic and requires immediate patching on Windows systems using Chrome remote access.
An authenticated RCE vulnerability in Fortinet FortiWeb with high CVSS score enables arbitrary code execution and requires prompt patch prioritization in network security infrastructure.
A kernel vulnerability in win32kfull allows local attackers with low-privilege access to escalate privileges on Windows systems; CVSS 7.8 and active tracking by ZDI.
The vulnerability allows attackers to deceive authenticated users, steal their session tokens, or generate persistent access tokens to inject malicious extension versions into the Open VSX supply chain.
The vulnerability requires active user interaction (installation of a malicious extension) and thus presents a moderate, not critical, risk if user security training is effective.
A side-channel vulnerability in Chrome's Scroll mechanism allows attackers to leak confidential cross-origin data through a crafted HTML page, raising concerns about browser security against subtle timing-based exploits.
For Windows systems with Chrome: High-severity RCE through WebApp installation manipulation requires user interaction but poses elevated risk for industrial workstations.
The vulnerability enables sandbox escape after renderer process compromise, but requires prior compromise and is primarily a browser risk with no known active exploitation reported.
The vulnerability in the Chrome Updater enables local privilege escalation on Windows systems, but requires system access and a malicious file to exploit.
The vulnerability requires specifically manipulated UI gestures from the user, which limits the risk of opportunistic remote exploitation but enables targeted attacks against known users.
The vulnerability requires a successfully compromised renderer process as a prerequisite; it is thus relevant for multi-stage exploitation attacks but is addressed in isolation through browser updates.
The vulnerability allows an attacker with control over the renderer process to bypass site isolation, demonstrating that isolation between websites is not guaranteed when the renderer is compromised.
The vulnerability requires a pre-compromised renderer process and then enables sandbox escape , a two-stage exploitation scenario that underscores the importance of browser isolation and defense-in-depth measures.
High-severity RCE vulnerability in Blink requires immediate Chrome update to version 150.0.7871.47 or later to prevent sandbox escapes via crafted HTML pages.
A sandbox escape vulnerability in Google Chrome allows attackers to potentially break out of the browser sandbox via crafted HTML pages, enabling arbitrary code execution.
Sandbox-escape potential through use-after-free in Chrome renderer enables an attacker with a compromised renderer process to break out of the browser sandbox , threat to endpoint security in web-based attack scenarios.
The vulnerability enables privilege escalation via crafted HTML pages once the renderer process is compromised, which is relevant for multi-stage attack chains.
Heap-corruption vulnerability in Chromium's Dawn graphics engine enables potential remote code execution via crafted HTML pages without additional user interaction.
An implementation vulnerability in Google Chrome allows remote attackers to obtain potentially sensitive information from process memory via crafted HTML pages.
A sandbox escape vulnerability in the Chrome renderer allows an attacker with control over the renderer process to break security boundaries and potentially execute system code.
A use-after-free vulnerability in Chromoting enables remote code execution via malicious network traffic, affecting Linux systems running Chrome versions prior to 150.0.7871.47.
The vulnerability requires a pre-compromised renderer process and is primarily relevant in multi-stage attack chains rather than standalone exploitation.
The vulnerability requires prior compromise of the renderer process and enables a sandbox escape , an escalation scenario relevant in targeted attacks.
This is a standard patch notice from the NVD with no indication of active exploitation or specific attack scenarios beyond the basic vulnerability description.
This vulnerability allows an attacker with a compromised renderer process to escape the sandbox via crafted HTML content, requiring timely updates of Chrome installations.
The vulnerability enables remote injection of arbitrary scripts via crafted HTML pages with high severity, posing significant risk to web-based applications and cloud services used by organizations.
A CSS implementation flaw in Chrome allows attackers to bypass the same-origin policy,a fundamental browser security model,which significantly simplifies phishing, credential harvesting, and malware vectors against end users.
A local vulnerability in the Chrome Updater enables privilege escalation on Windows systems, which is relevant for organizations with local security models, as attackers with user access can gain OS-level privileges.
A flaw in Canvas policy enforcement enables attackers to extract sensitive cross-origin data through crafted web pages, posing elevated risk to users operating across multiple web contexts.
The vulnerability allows an attacker to execute code within Chrome's sandbox; a sandbox escape is possible if combined with additional vulnerabilities.
The vulnerability requires local access and file-system interaction, limiting risk in typical enterprise environments where desktop isolation and endpoint detection mechanisms are active.
This is an active, critical security flaw in a widely-used browser that can be exploited on Linux systems through minimal user-interaction social engineering.
This vulnerability enables sandbox escape following renderer compromise , a multi-stage attack posing elevated risk to Linux systems within manufacturing environments.
The vulnerability requires prior compromise of the renderer process, which restricts the practical exploitation chain and is primarily relevant in targeted attacks following initial access.
The exploit requires a previously compromised renderer process, which limits immediate exploitability but remains relevant as a second-stage attack following initial compromise.
The vulnerability requires user interaction but enables arbitrary code execution within the browser context, posing significant risk to manufacturing organizations deploying Chrome on Windows endpoints.
The sandbox escape via a heap buffer overflow in V8 enables attackers to break out of the Chrome sandbox and execute arbitrary code with user privileges.
The vulnerability requires specific UI gestures and a malicious file delivery, limiting real-world attack risk in production environments; however, prompt update to version 150.0.7871.47 or later is necessary.
A sandbox escape vulnerability in the renderer process allows an attacker with a compromised renderer to break out of browser isolation and potentially gain system-level access , a critical risk beyond mere information disclosure.
BSI alert on multiple GNU libc vulnerabilities with broad impact on all Linux systems in production environments; urgency and details depend on the severity level of the underlying CVEs.
The BSI warns of multiple vulnerabilities in Chrome and Edge browsers without citing specific CVE IDs, suggesting this is a summary advisory covering already-known or imminent patches.
BSI warns of multiple critical vulnerabilities in Ubiquiti UniFi OS Server enabling remote code execution and data compromise , a direct threat to network infrastructure requiring urgent patching.
The BSI alert addresses local code execution in a widely deployed PDF reader commonly used for document handling in production environments; specific CVE identifiers and patch status are needed for prioritization.
An aggregation report covering ~382 partly critical CVEs in Chromium-based browsers without describing an active exploitation campaign or specific attack patterns.
BSI warns of multiple Apache vulnerabilities enabling DoS and security bypasses; without specific CVE details, this is a generic warning without immediate tactical novelty.
The BSI warns of multiple unspecified vulnerabilities in Google Chrome whose details have not yet been publicly disclosed; exact CVE numbers and patches are pending.
The BSI advisory addresses multiple vulnerabilities in widely-used Mozilla products without specifics on CVE numbers or CVSS scores; details are required for patch prioritization.
BSI warns of multiple vulnerabilities in Synology DSM without naming specific CVE identifiers; details on exact impact and patch status are not clear from this advisory.
BSI warning for multiple vulnerabilities in Adobe Creative Cloud with code-execution potential; no specific CVE IDs or PoC status mentioned in this alert.
Threat actors distribute manipulated ScreenConnect archives disguised as legitimate freeware utilities (OBS Studio, DS4Windows, DNS Jumper, Glary Utilities) to gain access to enterprise-wide systems.
A campaign with 81 million Microsoft 365 login attempts indicates large-scale, automated attacks likely exploiting stolen or weak credentials and potentially bypassing multi-factor authentication.
The BSI warning describes multiple OpenSSL vulnerabilities without specific CVE designations or severity levels , a typical aggregated security alert for critical infrastructure, but requires clarification for prioritization.
A newly discovered RCE vulnerability in 7-Zip when processing NTFS archives requires user interaction but poses significant risk in manufacturing environments where archives are frequently exchanged.
The vulnerability requires an already-compromised renderer process and is therefore primarily an escalation mechanism after initial compromise, not a primary attack vector.
Monthly patch announcement for Chrome with 382 security fixes, of which 15 are rated critical and could allow arbitrary code execution outside the browser sandbox.
FortiBleed is actively being exploited by the Lynx ransomware group for credential theft prior to ransomware deployment, indicating coordinated attack-chain coordination.
ARToken is a fully automated PhaaS panel with 80+ API endpoints for targeted Microsoft 365 phishing, including persistent token acquisition via Microsoft Authentication Broker and SharePoint exfiltration , an escalated threat model compared to earlier EvilTokens reporting.
An out-of-bounds read vulnerability in FFmpeg within Chrome enables attackers to extract potentially sensitive data from process memory via a crafted video file.
UI spoofing vulnerability in Chrome allows attackers to impersonate browser interface via crafted HTML pages, potentially enhancing phishing campaigns.
A sandbox escape vulnerability allows an attacker with renderer process access to break out of the Chrome sandbox, enabling privilege escalation on Windows systems.
A race condition in the DataTransfer mechanism allows attackers to extract sensitive data from browser process memory via a crafted HTML page,relevant for all employees who handle confidential content in Chrome.
The CVE affects a validation flaw in Chrome's ANGLE component that allows an attacker with renderer process access to leak sensitive memory contents,a relatively low risk in stable enterprise environments.
A vulnerability in Google Chrome's WebUI allows attackers to leak cross-origin data through malicious network traffic , relevant for organizations relying on Chrome for sensitive business applications.
This is a pure patch notification without reports of active exploitation or targeted campaigns; strategic relevance falls below management escalation threshold.
The vulnerability allows an attacker to bypass the same-origin policy via a crafted HTML page, potentially compromising sessions across different origins.
A side-channel vulnerability in Chromium's ComputePressure API enables exfiltration of cross-origin data through crafted HTML pages under specific conditions.
The vulnerability requires prior compromise of the renderer process; for attackers this constitutes a two-stage exploit (web-RCE + sandbox-escape) and is thus further limited in practice by modern browser isolation (e.g., Windows Sandbox, separate processes).
The vulnerability allows attackers to exfiltrate cross-origin data via malicious HTML pages,a direct threat to multi-tab and cloud-based workflows in enterprises.
The vulnerability requires deliberate user interaction (specific UI gestures) and access to a crafted HTML page, limiting attack risk to advanced social-engineering scenarios.
Although the vulnerability is rated Medium severity, it enables code execution within the browser sandbox and should be patched promptly, but is not currently documented as actively exploited.
This is a standard Chromium security update with no indication of active exploitation; the UI-spoofing vulnerability requires prior renderer-process compromise.
The vulnerability requires already-compromised renderer processes and is not known to be actively exploited; this is a standard browser patch without geopolitical or campaign implications.
Vulnerability enables bypass of same-origin policy via crafted HTML page without authentication, potentially allowing web-based attacks on locally trusted content.
A privilege escalation vulnerability in Chromoting requires a local attacker to already have file access on the system , typical of insider or post-compromise scenarios following initial compromise.
The BSI has published an update warning on multiple unspecified vulnerabilities in Firefox, Firefox ESR and Thunderbird; specific CVE identifiers and exploitation reports are not provided in this notice.
BSI alert on Linux Kernel vulnerabilities lacks CVE details, complicating prioritization for Ubuntu deployments; specific CVEs needed for patch management.
A BSI notification regarding a vague TeamViewer vulnerability without CVE assignment and lacking detailed attack scenarios suggests preventive awareness rather than active exploitation.
A Microsoft Defender vulnerability is being actively exploited by ransomware groups, yet CISA does not proactively notify users when KEV-listed vulnerabilities enter active exploitation by ransomware campaigns.
North Korean APT Sapphire Sleet executed targeted supply-chain attack against npm ecosystem, compromising 140+ packages with malicious dependencies for automatic injection into developer environments.
The USA has announced a reward for information about Russian hackers behind organized phishing attacks against Signal users,a sign of escalating state-sponsored cyber operations targeting Western communications infrastructure.
CISA has added the SimpleHelp vulnerability to its Known Exploited Vulnerabilities catalog, and multiple malware families (TaskWeaver, Djinn Stealer) are being deployed post-exploitation,indicating coordinated, active attack campaigns.
Attackers actively exploit an authentication bypass in SimpleHelp to deliver malware that specifically targets developer credentials, SSH keys, and cryptocurrency wallets,suggesting supply-chain and development-pipeline targeting.
BSI warns of multiple critical vulnerabilities in Firefox, Firefox ESR and Thunderbird enabling code execution, sandbox escape and memory corruption , specific CVEs and patch status required for priority assessment.
The BSI called Windchill administrators at night to warn of a critical, actively exploited vulnerability,a sign of serious ongoing compromises in the manufacturing sector.
Critical
Russian ransomware group (identity unclear, but linked to eCrime operations) C3
A significant number of Fortigate customers are already compromised via dormant admin accounts planted by ransomware groups , strategic backdoor infrastructure for future attacks.
CISA warns of credential exposure in Fortinet devices, indicating active exploitation or threats that extend beyond generic security updates and require targeted hardening measures.
BSI alert on multiple critical vulnerabilities in 7-Zip enabling local and remote code execution; patch status and affected versions should be verified.
The BSI warns of multiple privilege escalation vulnerabilities in sudo; without CVE numbers, it remains unclear whether these are already-known or newly disclosed flaws.
BSI issues warning on multiple Chrome/Edge vulnerabilities without specific CVE numbers; incomplete details suggest a coordination or staged-update scenario.
The BlueHammer vulnerability is already being exploited by ransomware groups in active attacks, not merely in theoretical scenarios; this indicates an immediate threat to unpatched Windows systems.
Multiple vendor-signed UEFI applications enable Secure Boot bypass via BYOVD-style attacks, allowing arbitrary code execution during the firmware phase before OS initialization.
Threat actors abuse ClickOnce applications to establish persistent remote access and update malware via the built-in update mechanism without requiring new user interaction.
Microsoft introduces agent-based AI systems (MDASH) for automated vulnerability discovery and extends threat protection to AWS databases alongside enhanced identity backup capabilities.